Code Dx: A Software Vulnerability Correlation and Management System

Most computer security incidents can be traced back to weaknesses in software that were inadvertently put there when the code was developed. Attackers can, and very often do, find and exploit such weaknesses as a means to attack organizations’ applications. Information security has focused primarily on network security and less on securing the software that resides on networks and poses risks. Numerous Application Security Testing (AST) tools help software developers and security analysts find vulnerabilities during all stages of the software development lifecycle, but many don’t use these tools until it’s too late.

Code Dx Enterprise is a software vulnerability correlation and management system that consolidates and normalizes software vulnerabilities detected by multiple static application security testing (SAST) and dynamic application security testing (DAST) tools, as well as the results of manual code reviews. Code Dx addresses several obstacles to deploying secure software: the high cost of using multiple AST tools; combining and correlating the results of multiple tools into one format; and prioritizing vulnerabilities for easy remediation and reporting.

Code Dx overcomes these obstacles by first providing an easy-to-use and affordable tool that automatically selects, configures and runs open-source software tools for the user’s specific code base. It also correlates and de-duplicates the results of multiple commercial and open-source static source code and DAST tools. Finally, it provides a vulnerability management solution that helps prioritize vulnerabilities, assign them to developers for remediation and track the remediation process.

Uniqueness of Code Dx

Code Dx differentiates itself from its competitors on ease of use, lower cost, the number and types of static and dynamic testing tools supported, and seamless integration into software development environments. In the business of making software more secure, Code Dx helps software developers, testers and security analysts find vulnerabilities before the attackers can exploit them. It provides easy and affordable application vulnerability correlation and management systems that enable users to search for and manage vulnerabilities in software.

The award-winning Code Dx solution integrates the results of multiple static and DAST tools and manual reviews into a consolidated set of results for quick and easy triage, prioritization and remediation. By offering the hybrid combination of findings from static and dynamic application security testing, Code Dx provides users with broader vulnerability testing coverage to better identify those vulnerabilities which are easily accessible to an external attacker.

Service with Satisfaction

Code Dx addresses a number of issues across its diverse clientele. For those who are relatively new to application security, Code Dx offers support for understanding the output of the testing tools embedded within Code Dx. In fact, the company has been lauded by several customers for

November 2016